Global Internet Threat and Attacks Report for September 23rd

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
mikeshinn
Atomicorp Staff - Site Admin


Atomicorp Threat Intelligence RBL
Rule ID Count Description
-----------------------------------------
350052 35254 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-2 Match)
350053 32714 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-3 Match)
355501 15735 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL (TI-2). See this URL for details http://www.atomicrbl.com/lookup
355503 10278 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL (TI-3). See this URL for details http://www.atomicrbl.com/lookup
350051 8657 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI Match)
355500 6213 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL (TI-1). See this URL for details http://www.atomicrbl.com/lookup
355504 5516 Atomicorp.com WAF Rules: Threat Intelligence Match for Known attacker Source on Atomicorp Threat Intelligence RBL (TI-4). See this URL for details http://www.atomicrbl.com/lookup
350054 5149 Atomicorp.com WAF Rules: Threat Intelligence Match for known Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-4 Match)
350055 1516 Atomicorp.com WAF Rules: Threat Intelligence Match for known multi event Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-5 Match)
355506 1212 Atomicorp.com WAF Rules: Threat Intelligence Match for Known multi event attacker Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup


Top 25 Rules (level 6+)
Rule ID Count Description
-----------------------------------------
5706 16849 SSH insecure connection attempt (scan).
392301 10015 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
60910 6078 Very Slow Wordpress brute force login failures from same IP source.
60159 5135 Wordpress brute force (fast) login failures
171303 4985 Known brute force attacker.
4151 4846 Multiple Firewall drop events from same source.
3357 4835 Multiple rapid SASL authentication failures.
330701 4604 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
5712 4075 SSHD brute force trying to get access to the system.
300079 4017 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
5720 3236 Multiple SSHD authentication failures.
31102 3079 Possible DoS Consumption Attack
340162 3008 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330131 2401 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
336468 2249 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
11306 1909 FTP brute force (multiple failed logins).
334009 1854 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
11254 1663 Multiple attempts to login using a non-existent user..
340095 1589 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
5551 1536 Multiple failed logins in a small period of time.
330082 1535 Atomicorp.com WAF Rules: Known Exploit User Agent
390613 1370 Atomicorp.com WAF Rules: Invalid character in request or headers
340361 1197 Atomicorp.com WAF Rules: CONNECT method denied
340006 1156 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
336460 928 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack


Top 25 WAF Rules (level 6+)
Rule ID Count Description
-----------------------------------------
392301 10015 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
330701 4604 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
300079 4017 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
340162 3008 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
330131 2401 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
336468 2249 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
334009 1854 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
340095 1589 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
330082 1535 Atomicorp.com WAF Rules: Known Exploit User Agent
390613 1370 Atomicorp.com WAF Rules: Invalid character in request or headers
340361 1197 Atomicorp.com WAF Rules: CONNECT method denied
340006 1156 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
336460 928 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
341245 810 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
300066 776 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
340016 763 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
378491 706 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Attempt to Exploit PHP CGI command injection vulnerablity
351000 695 Atomicorp.com Upload Malware Scanner: Malicious File upload attempt detected and blocked
347008 530 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
390501 524 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
303800 522 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
318812 512 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in Joomla images directory
336461 468 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
330205 432 Atomicorp.com WAF Rules: Joomla Exploit Bot
330791 368 Failed to parse request body. This may be an impedence mismatch attack, a broken application or a broken connection. This is not a false positive. Check your application or client for errors.